Merge branch 'rc/refactor-project_policy_spec' into 'master'

Refactor spec/policies/project_policy_spec.rb to minimize the diff with CE

See merge request gitlab-org/gitlab-ee!2953

spec/policies/project_policy_spec.rb

 require 'spec_helper'
 
 describe ProjectPolicy do
-  let(:guest) { create(:user) }
-  let(:reporter) { create(:user) }
-  let(:dev) { create(:user) }
-  let(:master) { create(:user) }
-  let(:owner) { create(:user) }
-  let(:auditor) { create(:user, :auditor) }
-  let(:admin) { create(:admin) }
+  set(:guest) { create(:user) }
+  set(:reporter) { create(:user) }
+  set(:developer) { create(:user) }
+  set(:master) { create(:user) }
+  set(:owner) { create(:user) }
+  set(:admin) { create(:admin) }
   let(:project) { create(:project, :public, namespace: owner.namespace) }
 
-  let(:guest_permissions) do
+  let(:base_guest_permissions) do
     %i[
       read_project read_board read_list read_wiki read_issue read_label
-      read_issue_link read_milestone read_project_snippet read_project_member
+      read_milestone read_project_snippet read_project_member
       read_note create_project create_issue create_note
       upload_file
     ]
   end
 
-  let(:reporter_permissions) do
+  let(:base_reporter_permissions) do
     %i[
       download_code fork_project create_project_snippet update_issue
-      admin_issue admin_label admin_issue_link admin_list read_commit_status read_build
+      admin_issue admin_label admin_list read_commit_status read_build
       read_container_image read_pipeline read_environment read_deployment
       read_merge_request download_wiki_code
     ]
@@ -42,10 +41,9 @@ describe ProjectPolicy do
     ]
   end
 
-  let(:master_permissions) do
+  let(:base_master_permissions) do
     %i[
-      push_code_to_protected_branches delete_protected_branch
-      update_project_snippet update_environment
+      delete_protected_branch update_project_snippet update_environment
       update_deployment admin_project_snippet
       admin_project_member admin_note admin_wiki admin_project
       admin_commit_status admin_build admin_container_image
@@ -68,21 +66,20 @@ describe ProjectPolicy do
     ]
   end
 
-  let(:auditor_permissions) do
-    %i[
-      download_code download_wiki_code read_project read_board read_list
-      read_wiki read_issue read_label read_issue_link read_milestone read_project_snippet
-      read_project_member read_note read_cycle_analytics read_pipeline
-      read_build read_commit_status read_container_image read_environment
-      read_deployment read_merge_request read_pages
-    ]
-  end
+  # Used in EE specs
+  let(:additional_guest_permissions)  { [] }
+  let(:additional_reporter_permissions) { [] }
+  let(:additional_master_permissions) { [] }
+
+  let(:guest_permissions) { base_guest_permissions + additional_guest_permissions }
+  let(:reporter_permissions) { base_reporter_permissions + additional_reporter_permissions }
+  let(:master_permissions) { base_master_permissions + additional_master_permissions }
 
   before do
-    project.team << [guest, :guest]
-    project.team << [master, :master]
-    project.team << [dev, :developer]
-    project.team << [reporter, :reporter]
+    project.add_guest(guest)
+    project.add_master(master)
+    project.add_developer(developer)
+    project.add_reporter(reporter)
   end
 
   def expect_allowed(*permissions)
@@ -139,38 +136,41 @@ describe ProjectPolicy do
     end
   end
 
-  context 'when a project has pending invites, and the current user is anonymous' do
-    let(:group) { create(:group, :public) }
-    let(:project) { create(:project, :public, namespace: group) }
-    let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
-    let(:anonymous_permissions) { guest_permissions - user_permissions }
+  shared_examples 'project policies as anonymous' do
+    context 'abilities for public projects' do
+      context 'when a project has pending invites' do
+        let(:group) { create(:group, :public) }
+        let(:project) { create(:project, :public, namespace: group) }
+        let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
+        let(:anonymous_permissions) { guest_permissions - user_permissions }
 
-    subject { described_class.new(nil, project) }
+        subject { described_class.new(nil, project) }
 
-    before do
-      create(:group_member, :invited, group: group)
-    end
+        before do
+          create(:group_member, :invited, group: group)
+        end
 
-    it 'does not grant owner access' do
-      expect_allowed(*anonymous_permissions)
-      expect_disallowed(*user_permissions)
+        it 'does not grant owner access' do
+          expect_allowed(*anonymous_permissions)
+          expect_disallowed(*user_permissions)
+        end
+      end
     end
-  end
 
-  context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
 
-    subject { described_class.new(current_user, project) }
-
-    context 'with no user' do
-      let(:current_user) { nil }
+      subject { described_class.new(nil, project) }
 
       it { is_expected.to be_banned }
     end
+  end
 
-    context 'guests' do
-      let(:current_user) { guest }
+  shared_examples 'project policies as guest' do
+    subject { described_class.new(guest, project) }
 
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
       let(:reporter_public_build_permissions) do
         reporter_permissions - [:read_build, :read_pipeline]
       end
@@ -191,7 +191,7 @@ describe ProjectPolicy do
         end
       end
 
-      context 'public builds disabled' do
+      context 'when public builds disabled' do
         before do
           project.update(public_builds: false)
         end
@@ -204,8 +204,7 @@ describe ProjectPolicy do
 
       context 'when builds are disabled' do
         before do
-          project.project_feature.update(
-            builds_access_level: ProjectFeature::DISABLED)
+          project.project_feature.update(builds_access_level: ProjectFeature::DISABLED)
         end
 
         it do
@@ -214,9 +213,13 @@ describe ProjectPolicy do
         end
       end
     end
+  end
 
-    context 'reporter' do
-      let(:current_user) { reporter }
+  shared_examples 'project policies as reporter' do
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
+
+      subject { described_class.new(reporter, project) }
 
       it do
         expect_allowed(*guest_permissions)
@@ -228,9 +231,13 @@ describe ProjectPolicy do
         expect_disallowed(*owner_permissions)
       end
     end
+  end
 
-    context 'developer' do
-      let(:current_user) { dev }
+  shared_examples 'project policies as developer' do
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
+
+      subject { described_class.new(developer, project) }
 
       it do
         expect_allowed(*guest_permissions)
@@ -241,9 +248,13 @@ describe ProjectPolicy do
         expect_disallowed(*owner_permissions)
       end
     end
+  end
 
-    context 'master' do
-      let(:current_user) { master }
+  shared_examples 'project policies as master' do
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
+
+      subject { described_class.new(master, project) }
 
       it do
         expect_allowed(*guest_permissions)
@@ -254,9 +265,13 @@ describe ProjectPolicy do
         expect_disallowed(*owner_permissions)
       end
     end
+  end
+
+  shared_examples 'project policies as owner' do
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
 
-    context 'owner' do
-      let(:current_user) { owner }
+      subject { described_class.new(owner, project) }
 
       it do
         expect_allowed(*guest_permissions)
@@ -267,9 +282,13 @@ describe ProjectPolicy do
         expect_allowed(*owner_permissions)
       end
     end
+  end
+
+  shared_examples 'project policies as admin' do
+    context 'abilities for non-public projects' do
+      let(:project) { create(:project, namespace: owner.namespace) }
 
-    context 'admin' do
-      let(:current_user) { admin }
+      subject { described_class.new(admin, project) }
 
       it do
         expect_allowed(*guest_permissions)
@@ -280,11 +299,44 @@ describe ProjectPolicy do
         expect_allowed(*owner_permissions)
       end
     end
+  end
+
+  it_behaves_like 'project policies as anonymous'
+  it_behaves_like 'project policies as guest'
+  it_behaves_like 'project policies as reporter'
+  it_behaves_like 'project policies as developer'
+  it_behaves_like 'project policies as master'
+  it_behaves_like 'project policies as owner'
+  it_behaves_like 'project policies as admin'
+
+  context 'EE' do
+    let(:additional_guest_permissions)  { [:read_issue_link] }
+    let(:additional_reporter_permissions) { [:admin_issue_link]}
+    let(:additional_master_permissions) { [:push_code_to_protected_branches] }
+    let(:auditor_permissions) do
+      %i[
+        download_code download_wiki_code read_project read_board read_list
+        read_wiki read_issue read_label read_issue_link read_milestone read_project_snippet
+        read_project_member read_note read_cycle_analytics read_pipeline
+        read_build read_commit_status read_container_image read_environment
+        read_deployment read_merge_request read_pages
+      ]
+    end
+
+    it_behaves_like 'project policies as anonymous'
+    it_behaves_like 'project policies as guest'
+    it_behaves_like 'project policies as reporter'
+    it_behaves_like 'project policies as developer'
+    it_behaves_like 'project policies as master'
+    it_behaves_like 'project policies as owner'
+    it_behaves_like 'project policies as admin'
 
     context 'auditor' do
-      let(:current_user) { auditor }
+      let(:auditor) { create(:user, :auditor) }
+
+      subject { described_class.new(auditor, project) }
 
-      context 'not a team member' do
+      context 'who is not a team member' do
         it do
           is_expected.to be_disallowed(*developer_permissions)
           is_expected.to be_disallowed(*master_permissions)
@@ -294,9 +346,9 @@ describe ProjectPolicy do
         end
       end
 
-      context 'team member' do
+      context 'who is a team member' do
         before do
-          project.team << [auditor, :guest]
+          project.add_guest(auditor)
         end
 
         it do